The security aspect handles role-based security on method level (could even do it on field level) and handles both authentication and authorization.

The implementation is completely unaware of the security scheme being used. It relies on abstraction and is using security managers that implements the SecurityManger interface. If the security managers available does not meet your needs you can just implement you own implementation of the interface and plug it into the aspect.